Event Manipulation Schema
- Updated on 04 Jul 2025
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Event Manipulation Configuration",
"type": "object",
"required": ["eventManipulationConfig"],
"properties": {
"eventManipulationConfig": {
"type": "array",
"description": "Array of event manipulation configs",
"items": {
"type": "object",
"required": ["description", "update_field"],
"properties": {
"description": {
"type": "string",
"description": "Human-readable description of the event manipulation config"
},
"update_field": {
"type": "string",
"description": "Field name to manipulate",
"enum": [
"acknowledgetime_conv", "acknowledgetimetext_conv", "agentip_conv", "alert_conv", "created_date_conv", "description_conv",
"device_agent_name", "device_region_name", "devicename_conv", "displayname_conv", "enterprise_conv", "eventid_conv", "last_text_time_conv", "last_time_conv", "last_time_in_conv",
"location_conv", "origination_conv", "rawdevicename_conv", "source_conv", "source_id", "subdevicename_conv", "text_time_conv",
"time_conv", "time_in_conv", "tenant", "tenant_id" ,"trapname_conv", "servername_conv"
]
},
"value_to_update": {
"type": "string",
"description": "Value to set to the field being manipulated"
},
"value_from_field": {
"type": "string",
"description": "Field whose value is copied into the field being manipulated",
"enum": [
"acknowledgetime_conv", "acknowledgetimetext_conv", "agentip_conv", "alert_conv", "created_date_conv", "description_conv",
"device_agent_name", "device_region_name", "devicename_conv", "displayname_conv", "enterprise_conv", "eventid_conv", "last_text_time_conv", "last_time_conv", "last_time_in_conv",
"location_conv", "origination_conv", "rawdevicename_conv", "source_conv", "source_id", "subdevicename_conv", "text_time_conv",
"time_conv", "time_in_conv", "tenant", "tenant_id","trapname_conv", "servername_conv"
]
},
"value_from_regex": {
"type": "object",
"description": "Defines a field and regex pattern to extract value from the field",
"required": ["field", "pattern"],
"properties": {
"field": {
"type": "string",
"description": "Name of the field to apply regex to",
"enum": [
"acknowledgetime_conv", "acknowledgetimetext_conv", "agentip_conv", "alert_conv", "created_date_conv", "description_conv",
"device_agent_name", "device_region_name", "devicename_conv", "displayname_conv", "enterprise_conv", "eventid_conv", "last_text_time_conv", "last_time_conv", "last_time_in_conv",
"location_conv", "origination_conv", "rawdevicename_conv", "source_conv", "source_id", "subdevicename_conv", "text_time_conv",
"time_conv", "time_in_conv", "tenant", "tenant_id","trapname_conv", "servername_conv"
]
},
"pattern": {
"type": "string",
"description": "Regex pattern with at least one capturing group"
}
}
},
"AND": {
"type": "array",
"description": "Array of conditions that must all be true (AND logic)",
"items": {
"$ref": "#/definitions/condition"
}
},
"OR": {
"type": "array",
"description": "Array of conditions where at least one must be true (OR logic)",
"items": {
"$ref": "#/definitions/condition"
}
}
},
"oneOf": [
{
"required": ["value_to_update"]
},
{
"required": ["value_from_field"]
},
{
"required": ["value_from_regex"]
}
]
}
}
},
"definitions": {
"condition": {
"oneOf": [
{
"type": "object",
"required": ["field", "operator"],
"properties": {
"field": {
"type": "string",
"description": "Field name to evaluate",
"enum": [
"acknowledgetime_conv", "acknowledgetimetext_conv", "agentip_conv", "alert_conv", "created_date_conv", "description_conv",
"device_agent_name", "device_region_name", "devicename_conv", "displayname_conv", "enterprise_conv", "eventid_conv", "last_text_time_conv", "last_time_conv", "last_time_in_conv",
"location_conv", "origination_conv", "rawdevicename_conv", "source_conv", "source_id", "subdevicename_conv", "text_time_conv",
"time_conv", "time_in_conv", "tenant", "tenant_id","trapname_conv", "servername_conv"
]
},
"operator": {
"type": "string",
"enum": [
"EQUALS", "CONTAINS", "NOT_CONTAINS", "STARTSWITH", "NOT_EQUALS",
"GREATER_THAN", "LESS_THAN", "DATE_EQUALS", "DATE_GREATER_THAN", "DATE_LESS_THAN",
"EMPTY", "NOT_EMPTY", "EQUALS_IGNORE_CASE", "NOT_EQUALS_IGNORE_CASE"
],
"description": "Comparison operator"
},
"values": {
"type": "array",
"description": "Array of values to compare against",
"items": {
"type": "string"
}
}
},
"allOf": [
{
"if": {
"properties": {
"operator": {
"enum": ["EMPTY", "NOT_EMPTY"]
}
}
},
"then": {
"not": {
"required": ["values"]
}
},
"else": {
"required": ["values"]
}
},
{
"if": {
"properties": {
"operator": {
"enum": ["DATE_EQUALS", "DATE_GREATER_THAN", "DATE_LESS_THAN"]
}
}
},
"then": {
"properties": {
"values": {
"items": {
"type": "string",
"pattern": "^(\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(\\.\\d{1,9})?)$|^(\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}(\\.\\d{1,3})?)$|^(\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})$",
"description": "A date string in one of the formats yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSS (fractional seconds optional, 1 to 9 digits), yyyy-MM-dd HH:mm:ss.SSS (fractional seconds optional, 1 to 3 digits) or yyyy-MM-dd HH:mm:ss"
}
}
}
}
}
]
},
{
"type": "object",
"required": ["AND"],
"properties": {
"AND": {
"type": "array",
"description": "Nested AND conditions",
"items": {
"$ref": "#/definitions/condition"
}
}
}
},
{
"type": "object",
"required": ["OR"],
"properties": {
"OR": {
"type": "array",
"description": "Nested OR conditions",
"items": {
"$ref": "#/definitions/condition"
}
}
}
}
]
}
}
}